{
"document": {
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "National Cyber Security Centre",
"namespace": "https://www.ncsc.nl/"
},
"title": "CVE-2026-26189",
"tracking": {
"current_release_date": "2026-03-23T00:54:15.286851Z",
"generator": {
"date": "2026-02-17T15:00:00Z",
"engine": {
"name": "V.E.L.M.A",
"version": "1.7"
}
},
"id": "CVE-2026-26189",
"initial_release_date": "2026-02-18T15:42:57.957805Z",
"revision_history": [
{
"date": "2026-02-18T15:42:57.957805Z",
"number": "1",
"summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (4).| CWES updated (1)."
},
{
"date": "2026-02-18T15:43:05.985159Z",
"number": "2",
"summary": "NCSC Score created."
},
{
"date": "2026-02-19T19:38:50.750201Z",
"number": "3",
"summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (3).| CWES updated (1)."
},
{
"date": "2026-02-19T19:38:52.839849Z",
"number": "4",
"summary": "NCSC Score updated."
},
{
"date": "2026-02-19T21:27:48.327389Z",
"number": "5",
"summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (3).| CWES updated (1)."
},
{
"date": "2026-02-19T21:27:56.736475Z",
"number": "6",
"summary": "NCSC Score updated."
},
{
"date": "2026-02-19T22:39:29.431499Z",
"number": "7",
"summary": "Unknown change."
},
{
"date": "2026-02-19T22:39:44.350762Z",
"number": "8",
"summary": "References created (1)."
},
{
"date": "2026-02-20T14:13:46.158322Z",
"number": "9",
"summary": "Source created.| CVE status created. (valid)| EPSS created."
},
{
"date": "2026-02-20T14:13:47.582550Z",
"number": "10",
"summary": "NCSC Score updated."
},
{
"date": "2026-02-26T03:18:38.741525Z",
"number": "11",
"summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (4).| References created (5).| CWES updated (1)."
},
{
"date": "2026-02-26T03:24:59.852986Z",
"number": "12",
"summary": "Products created (1).| Product Identifiers created (1)."
},
{
"date": "2026-02-26T03:25:04.655338Z",
"number": "13",
"summary": "NCSC Score updated."
},
{
"date": "2026-02-26T03:28:23.699447Z",
"number": "14",
"summary": "NCSC Score updated."
},
{
"date": "2026-03-02T10:42:21.855181Z",
"number": "15",
"summary": "Products created (1)."
},
{
"date": "2026-03-02T12:35:15.709688Z",
"number": "16",
"summary": "Products removed (4)."
},
{
"date": "2026-03-03T13:09:37.318283Z",
"number": "17",
"summary": "Products connected (3)."
},
{
"date": "2026-03-20T09:44:35.538151Z",
"number": "18",
"summary": "Source connected.| CVE status created. (valid)| EPSS created."
},
{
"date": "2026-03-20T09:44:38.264793Z",
"number": "19",
"summary": "NCSC Score updated."
}
],
"status": "interim",
"version": "19"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/0.31.0",
"product": {
"name": "vers:unknown/0.31.0",
"product_id": "CSAFPID-5723503"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/0.32.0",
"product": {
"name": "vers:unknown/0.32.0",
"product_id": "CSAFPID-5723504"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/0.33.0",
"product": {
"name": "vers:unknown/0.33.0",
"product_id": "CSAFPID-5723505"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/0.33.1",
"product": {
"name": "vers:unknown/0.33.1",
"product_id": "CSAFPID-5723506"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/>=0.31.0|<0.34.0",
"product": {
"name": "vers:unknown/>=0.31.0|<0.34.0",
"product_id": "CSAFPID-5638729"
}
}
],
"category": "product_name",
"name": "trivy-action"
}
],
"category": "vendor",
"name": "aquasecurity"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/>=0.31.0|<0.34.1",
"product": {
"name": "vers:unknown/>=0.31.0|<0.34.1",
"product_id": "CSAFPID-5723578",
"product_identification_helper": {
"cpe": "cpe:2.3:a:aquasec:trivy_action:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "trivy_action"
}
],
"category": "vendor",
"name": "aquasec"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26189",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
},
"notes": [
{
"category": "description",
"text": "Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export\n\n\nA command injection vulnerability exists in `aquasecurity/trivy-action` due to improper handling of action inputs when exporting environment variables. The action writes `export VAR=` lines to `trivy_envs.txt` based on user-supplied inputs and subsequently sources this file in `entrypoint.sh`.\n\nBecause input values are written without appropriate shell escaping, attacker-controlled input containing shell metacharacters (e.g., `$(...)`, backticks, or other command substitution syntax) may be evaluated during the sourcing process. This can result in arbitrary command execution within the GitHub Actions runner context.\n\n**Severity:**\n\nModerate\n\nCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\n\nCWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)\n\n**Impact:**\n\nSuccessful exploitation may lead to arbitrary command execution in the CI runner environment.\n\n\n**Affected Versions:**\n\n* Versions >= 0.31.0 and <= 0.33.1\n* Introduced in commit `7aca5ac`\n\n**Affected Conditions:**\n\nThe vulnerability is exploitable when a consuming workflow passes attacker-controlled data into any action input that is written to `trivy_envs.txt`. Access to user input is required by the malicious actor.\n\nA representative exploitation pattern involves incorporating untrusted pull request metadata into an action parameter. For example:\n\n```yaml\n- uses: aquasecurity/trivy-action@0.33.1\n with:\n output: \"trivy-${{ github.event.pull_request.title }}.sarif\"\n```\n\nIf the pull request title contains shell syntax, it may be executed when the generated environment file is sourced.\n\n**Not Affected:**\n\n* Workflows that do not pass attacker-controlled data into `trivy-action` inputs\n* Workflows that upgrade to a patched version that properly escapes shell values or eliminates the `source ./trivy_envs.txt` pattern\n* Workflows where user input is not accessible.\n\n**Call Sites:**\n\n* `action.yaml:188` — `set_env_var_if_provided` writes unescaped `export` lines\n* `entrypoint.sh:9` — sources `./trivy_envs.txt`",
"title": "github - https://github.com/advisories/GHSA-9p44-j4g5-cfx5"
},
{
"category": "description",
"text": "Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in `aquasecurity/trivy-action` versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes `export VAR=` lines to `trivy_envs.txt` based on user-supplied inputs and subsequently sources this file in `entrypoint.sh`. Because input values are written without appropriate shell escaping, attacker-controlled input containing shell metacharacters (e.g., `$(...)`, backticks, or other command substitution syntax) may be evaluated during the sourcing process. This can result in arbitrary command execution within the GitHub Actions runner context. Version 0.34.0 contains a patch for this issue. The vulnerability is exploitable when a consuming workflow passes attacker-controlled data into any action input that is written to `trivy_envs.txt`. Access to user input is required by the malicious actor. Workflows that do not pass attacker-controlled data into `trivy-action` inputs, workflows that upgrade to a patched version that properly escapes shell values or eliminates the `source ./trivy_envs.txt` pattern, and workflows where user input is not accessible are not affected.",
"title": "cveprojectv5 - https://www.cve.org/CVERecord?id=CVE-2026-26189"
},
{
"category": "description",
"text": "Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in `aquasecurity/trivy-action` versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes `export VAR=` lines to `trivy_envs.txt` based on user-supplied inputs and subsequently sources this file in `entrypoint.sh`. Because input values are written without appropriate shell escaping, attacker-controlled input containing shell metacharacters (e.g., `$(...)`, backticks, or other command substitution syntax) may be evaluated during the sourcing process. This can result in arbitrary command execution within the GitHub Actions runner context. Version 0.34.0 contains a patch for this issue. The vulnerability is exploitable when a consuming workflow passes attacker-controlled data into any action input that is written to `trivy_envs.txt`. Access to user input is required by the malicious actor. Workflows that do not pass attacker-controlled data into `trivy-action` inputs, workflows that upgrade to a patched version that properly escapes shell values or eliminates the `source ./trivy_envs.txt` pattern, and workflows where user input is not accessible are not affected.",
"title": "nvd - https://nvd.nist.gov/vuln/detail/CVE-2026-26189"
},
{
"category": "description",
"text": "Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in `aquasecurity/trivy-action` versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes `export VAR=` lines to `trivy_envs.txt` based on user-supplied inputs and subsequently sources this file in `entrypoint.sh`. Because input values are written without appropriate shell escaping, attacker-controlled input containing shell metacharacters (e.g., `$(...)`, backticks, or other command substitution syntax) may be evaluated during the sourcing process. This can result in arbitrary command execution within the GitHub Actions runner context. Version 0.34.0 contains a patch for this issue. The vulnerability is exploitable when a consuming workflow passes attacker-controlled data into any action input that is written to `trivy_envs.txt`. Access to user input is required by the malicious actor. Workflows that do not pass attacker-controlled data into `trivy-action` inputs, workflows that upgrade to a patched version that properly escapes shell values or eliminates the `source ./trivy_envs.txt` pattern, and workflows where user input is not accessible are not affected.",
"title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-26189.json?alt=media"
},
{
"category": "other",
"text": "0.00087",
"title": "EPSS"
},
{
"category": "other",
"text": "4.4",
"title": "NCSC Score"
},
{
"category": "other",
"text": "There is product data available from source Nvd",
"title": "NCSC Score top increasing factors"
},
{
"category": "other",
"text": "The value of the most recent EPSS score",
"title": "NCSC Score top decreasing factors"
}
],
"product_status": {
"known_affected": [
"CSAFPID-5638729",
"CSAFPID-5723503",
"CSAFPID-5723578",
"CSAFPID-5723504",
"CSAFPID-5723505",
"CSAFPID-5723506"
]
},
"references": [
{
"category": "external",
"summary": "Source - github",
"url": "https://github.com/advisories/GHSA-9p44-j4g5-cfx5"
},
{
"category": "external",
"summary": "Source raw - github",
"url": "https://api.github.com/advisories/GHSA-9p44-j4g5-cfx5"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26189"
},
{
"category": "external",
"summary": "Source raw - cveprojectv5",
"url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/26xxx/CVE-2026-26189.json"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26189"
},
{
"category": "external",
"summary": "Source raw - nvd",
"url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-26189"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26189"
},
{
"category": "external",
"summary": "Source raw - first",
"url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
},
{
"category": "external",
"summary": "Source - osv",
"url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-26189.json?alt=media"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; github; nvd; osv",
"url": "https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-9p44-j4g5-cfx5"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; github; nvd; osv",
"url": "https://github.com/aquasecurity/trivy-action/commit/7aca5acc9500b463826cc47a47a65ad7d404b045"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; github; nvd; osv",
"url": "https://github.com/aquasecurity/trivy-action/commit/bc61dc55704e2d5704760f3cdab0d09acf16e4ca"
},
{
"category": "external",
"summary": "Reference - github",
"url": "https://github.com/advisories/GHSA-9p44-j4g5-cfx5"
},
{
"category": "external",
"summary": "Reference - github; osv",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26189"
},
{
"category": "external",
"summary": "Reference - osv",
"url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26189.json"
}
],
"scores": [
{
"cvss_v3": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"products": [
"CSAFPID-5638729",
"CSAFPID-5723503",
"CSAFPID-5723504",
"CSAFPID-5723505",
"CSAFPID-5723506",
"CSAFPID-5723578"
]
}
],
"title": "CVE-2026-26189"
}
]
}